CN-122027212-A - Unidirectional optical transmission cross-network heterogeneous data security exchange method and system
Abstract
The invention discloses a unidirectional optical transmission cross-network heterogeneous data security exchange method and system in the technical field of data exchange. The method collects the data to be exchanged from the source-side network of a unidirectional optical transmission channel and normalizes it into an intermediate standard representation unit. Within a preset time window it acquires an optical isolation lock quantity and an optical pulse rhythm stability quantity, divides them into an isolation state and a rhythm state respectively, looks up a preset rule table by the state combination to obtain a unidirectional optical channel guard level, and selects a transmission control tier accordingly. The intermediate standard representation unit is digitally signed and transmitted to the target-side network through the unidirectional optical transmission channel; the received data undergoes photoelectric conversion and parsing, and only verified data is mapped into a data structure the target-side network can accept. By constructing the guard level from the optical isolation lock quantity and the optical pulse rhythm stability quantity and driving transmission control from it, secure cross-network data exchange is achieved while physical one-way isolation is preserved.
Inventors
- GAO LIFANG
- SHEN PEIPEI
- LIU ZIZHOU
- SONG ZHENGZHENG
- SUN ZHIHUAN
- CHEN LIANDONG
- ZHAO JIANBIN
- LI CHENGZHU
- ZHAO LINCONG
- LIU XIANTONG
- CHENG KAI
- GUO CHENHU
- ZHANG LEI
Assignees
- 国网河北省电力有限公司信息通信分公司 (State Grid Hebei Electric Power Co., Ltd., Information and Communication Branch)
Dates
- Publication Date: 2026-05-12
- Application Date: 2025-12-31
Claims (10)
- 1. A unidirectional optical transmission cross-network heterogeneous data security exchange method, characterized by comprising the following steps: collecting the data to be exchanged from the source-side network of a unidirectional optical transmission channel and normalizing it into an intermediate standard representation unit; acquiring, within a preset time window, an optical isolation lock quantity and an optical pulse rhythm stability quantity, dividing the optical isolation lock quantity into a plurality of isolation states and the optical pulse rhythm stability quantity into a plurality of rhythm states, and looking up a preset rule table by the combination of isolation state and rhythm state to obtain a unidirectional optical channel guard level; selecting a transmission control tier according to the guard level, digitally signing the intermediate standard representation unit, and transmitting it to the target-side network through the unidirectional optical transmission channel; and performing photoelectric conversion and parsing on the received data to recover the intermediate standard representation unit, verifying its digital signature and integrity, and mapping only the verified data into data receivable by the target-side network.
- 2. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 1, wherein normalizing the data to be exchanged into an intermediate standard representation unit comprises: performing protocol type identification and format identification on the collected data; converting structured, semi-structured and unstructured data into unified common metadata and standardized data content; and, when the data volume exceeds a preset size, splitting the standardized data content into a plurality of fragments each carrying a reassembly identifier.
- 3. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 1, wherein obtaining the optical isolation lock quantity comprises: monitoring, on the unidirectional optical fiber, the optical power in the forward transmission direction and the leakage optical power returning along the reverse direction of the fiber; deriving from the relation between the forward optical power and the leakage optical power an optical isolation lock quantity that characterizes the physical isolation capability; and dividing the optical isolation lock quantity into a locked state, a cautious state and a loose state according to preset thresholds.
- 4. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 3, wherein obtaining the optical pulse rhythm stability quantity comprises: recording the arrival times of successive optical pulses at the receiving end to obtain a pulse interval sequence; deriving, from the degree to which the pulse intervals deviate from an allowed range and from the number of abrupt interval changes, an optical pulse rhythm stability quantity that characterizes the stability of the pulse rhythm; and dividing the optical pulse rhythm stability quantity into a steady state, a perturbed state and a disordered state according to preset thresholds.
- 5. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 4, wherein looking up the preset rule table by the combination of isolation state and rhythm state to obtain the unidirectional optical channel guard level comprises: when the optical isolation lock quantity is in the locked state and the optical pulse rhythm stability quantity is in the steady state, setting the guard level to a first level; when the optical isolation lock quantity is in the loose state or the optical pulse rhythm stability quantity is in the disordered state, setting the guard level to a third level; and setting the guard level to a second level for all remaining combinations.
- 6. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 5, wherein obtaining the unidirectional optical channel guard level further comprises a time-inertia correction based on the duration of, and the transitions between, guard levels in adjacent time windows: when the guard level has remained at the first level over a plurality of consecutive time windows, it is held at the first level; when the number of switches between the second level and the third level over a plurality of consecutive time windows reaches a preset threshold, the current guard level is corrected to the third level; and when the third level appears in any time window, the guard level is held at the third level continuously for a preset number of subsequent time windows.
- 7. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 5, wherein the transmission control tiers comprise at least a high-guard tier corresponding to the first guard level, a normal tier corresponding to the second guard level, and a low-guard tier corresponding to the third guard level; in the high-guard tier, data satisfying the access control conditions is transmitted automatically; in the normal tier, data continues to be transmitted automatically while an early warning signal is generated at the same time; and in the low-guard tier, automatic transmission is suspended, an early warning signal is generated and submitted for manual verification, and the data is transmitted only when manual verification passes.
- 8. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 2, wherein digitally signing the intermediate standard representation unit comprises: selecting a cryptographic algorithm and a key according to a preset security policy; generating an integrity digest over the common metadata and the standardized data content of the intermediate standard representation unit; generating a digital signature over the integrity digest; and verifying the digital signature and the integrity digest at the receiving end.
- 9. The unidirectional optical transmission cross-network heterogeneous data security exchange method according to claim 1, wherein mapping the verified data into data receivable by the target-side network comprises: mapping the standardized data content of the intermediate standard representation unit into target database records, message data or file data according to the data model of the target-side network; and writing the target database records, message data or file data into a target database, message middleware or file storage system, thereby realizing secure heterogeneous data exchange between the source-side network and the target-side network.
- 10. A unidirectional optical transmission cross-network heterogeneous data security exchange system for implementing the unidirectional optical transmission cross-network heterogeneous data security exchange method according to any one of claims 1 to 9, comprising: a data acquisition module, which collects the data to be exchanged from the source-side network of a unidirectional optical transmission channel and normalizes it into an intermediate standard representation unit; a level classification module, which acquires, within a preset time window, the optical isolation lock quantity and the optical pulse rhythm stability quantity, divides the optical isolation lock quantity into a plurality of isolation states and the optical pulse rhythm stability quantity into a plurality of rhythm states, and looks up a preset rule table by the combination of isolation state and rhythm state to obtain a unidirectional optical channel guard level; a data transmission module, which selects a transmission control tier according to the guard level, digitally signs the intermediate standard representation unit and transmits it to the target-side network through the unidirectional optical transmission channel; and a verification and mapping module, which performs photoelectric conversion and parsing on the received data to recover the intermediate standard representation unit, verifies its digital signature and integrity, and maps the verified data into data receivable by the target-side network.
Description
Technical Field
The invention relates to the technical field of data exchange, and in particular to a unidirectional optical transmission cross-network heterogeneous data security exchange method and system.
Background
In practical application scenarios, the data crossing network boundaries has developed from early single structured messages into multi-source heterogeneous data that simultaneously contains structured, semi-structured and unstructured data. Existing cross-network isolation devices are usually adapted to a specific protocol or a fixed format and lack a unified capability to normalize and represent the various data types, so that large-scale exchange of many data types suffers from poor compatibility, difficult extension and high maintenance cost. To improve security, the prior art has developed data diodes and unidirectional optical gap (optical shutter) devices based on unidirectional optical transmission, which achieve physical one-way isolation between networks by allowing optical signals to propagate in only one direction at the physical layer. Such devices typically rely on general link metrics such as optical module status, link bit error rate and bandwidth utilization to judge channel health and operating state. These metrics, however, reflect the general quality of the link rather than fine-grained changes in the physical isolation strength and the optical pulse transmission rhythm of the unidirectional channel, so state changes that bear directly on the intrinsic security of the channel, such as a reduction in physical isolation capability or an abnormal disturbance of the optical path, are difficult to reflect in time.
In the prior art, security-state evaluation of a unidirectional optical channel stays at the level of general communication metrics such as bandwidth, bit errors and packet loss. It lacks a dedicated description and state classification of the physical characteristics specific to unidirectional optical transmission, such as optical isolation capability and optical pulse rhythm, and it lacks a systematic way to link those physical characteristics to cross-network data transmission control, early-warning generation and manual verification. It is therefore difficult to achieve dynamic graded management and risk control of cross-network heterogeneous data exchange while guaranteeing physical one-way isolation.
Disclosure of Invention
In view of the above shortcomings of the prior art, the present invention aims to provide a method and a system for the secure exchange of unidirectional optical transmission cross-network heterogeneous data that solve the above technical problems.
To achieve this purpose, the invention provides the following technical scheme. A unidirectional optical transmission cross-network heterogeneous data security exchange method comprises the following steps: collecting the data to be exchanged from the source-side network of a unidirectional optical transmission channel and normalizing it into an intermediate standard representation unit; acquiring, within a preset time window, an optical isolation lock quantity and an optical pulse rhythm stability quantity, dividing the optical isolation lock quantity into a plurality of isolation states and the optical pulse rhythm stability quantity into a plurality of rhythm states, and looking up a preset rule table by the combination of isolation state and rhythm state to obtain a unidirectional optical channel guard level; selecting a transmission control tier according to the guard level, digitally signing the intermediate standard representation unit, and transmitting it to the target-side network through the unidirectional optical transmission channel; and performing photoelectric conversion and parsing on the received data to recover the intermediate standard representation unit, verifying its digital signature and integrity, and mapping only the verified data into data receivable by the target-side network. Further, normalizing the data into the intermediate standard representation unit comprises performing protocol type identification and format identification on the collected data, converting structured, semi-structured and unstructured data into unified common metadata and standardized data content, and splitting the standardized data content into a plurality of fragments carrying reassembly identifiers when the da